Exim question for Chirpy

Discussion in 'General Discussion' started by CaMer0n, Oct 1, 2006.

  1. CaMer0n

    Dear chirpy,

    Could you please tell me if this exim config is correct?
    Most of the mails about this subject, on this board, are at least 3 years old. :confused:
    I just received a spam from an IP that is on one of the spamhaus lists, so maybe I'm doing something wrong?

    Thanks in advance,
    Cameron


    Code:
    #!!# ACL that is used after the RCPT command
    check_recipient:
      # Exim 3 had no checking on -bs messages, so for compatibility
      # we accept if the source is local SMTP (i.e. not over TCP/IP).
      # We do this by testing for an empty sending host field.
      accept  hosts = :
    
    
      # Accept bounces to lists even if callbacks or other checks would fail
      warn     message      = X-WhitelistedRCPT-nohdrfromcallback: Yes
               condition    = \
               ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                         {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
                    {yes}{no}}
    
      accept   condition    = \
               ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                         {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
                    {yes}{no}}
    
    
      # Accept bounces to lists even if callbacks or other checks would fail
      warn     message      = X-WhitelistedRCPT-nohdrfromcallback: Yes
               condition    = \
               ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                         {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
                    {yes}{no}}
    
      accept   condition    = \
               ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                         {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
                    {yes}{no}}
    
      #if it gets here it isn't mailman
                                                                                                                                               
      #sender verifications are required for all messages that are not sent to lists
                                                                                                                                               
      require verify = sender
      accept  domains = +local_domains
      endpass
                                                                                                                                               
      #recipient verifications are required for all messages that are not sent to the local machine
      #this was done at multiple users requests
                                                                                                                                               
      message = "The recipient cannot be verified.  Please check all recipients of this message to verify they are valid."
      verify = recipient
                                                                                                                                               
      accept  domains = +relay_domains
    
      warn  message = ${perl{popbeforesmtpwarn}{$sender_host_name}}
            hosts = +relay_hosts
      accept  hosts = +relay_hosts
                                                                                    
      warn  message = ${perl{popbeforesmtpwarn}{$sender_host_address}}
            condition = ${perl{checkrelayhost}{$sender_host_address}}
      accept  condition = ${perl{checkrelayhost}{$sender_host_address}}
    
      accept  hosts = +auth_relay_hosts
              endpass
              message = $sender_fullhost is currently not permitted to \
                            relay through this server. Perhaps you \
                            have not logged into the pop/imap server in the \
                            last 30 minutes or do not have SMTP Authentication turned on in your email client.
              authenticated = *
    
      deny    message = $sender_fullhost is currently not permitted to \
                            relay through this server. Perhaps you \
                            have not logged into the pop/imap server in the \
                            last 30 minutes or do not have SMTP Authentication turned on in your email client.
    
    
    #!!# ACL that is used after the DATA command
    check_message:
      require verify = header_sender
    
    # Check sending hosts against DNS black lists.
    # Reject message if address listed in blacklist.
    deny message = rejected because $sender_host_address is blacklisted at $dnslist_domain\n $dnslist_text
    dnslists = relays.ordb.org : list.dsbl.org : blackholes.easynet.nl : spamsites.relays.osirusoft.com : sbl.spamhaus.org : xbl.spamhaus.org : blackholes.mail-abuse.org
    
      accept
    
    # Allow mail to postmaster on blacklisted local domains
    # Mail to postmaster is never blocked by any subsequent tests.
    accept local_parts = postmaster
    domains = +local_domains
    
    # Requires the sender address to be verified.
    require verify = sender
    
     
  2. nickp666

    The ACL is in the wrong place, that's all; it needs to be at the RCPT stage instead of DATA.
     
  3. CaMer0n

    Thanks Nick.
    Would you be able to post the whole correct text?
    Sorry, I'm a complete newbie to this, and don't want to mess up the mail on our server.

    Thanks in advance.
     
  4. nickp666

    This should do it (I only copied and pasted your original post, so if there are errors it's down to that)

    Code:
    #!!# ACL that is used after the RCPT command
    check_recipient:
      # Exim 3 had no checking on -bs messages, so for compatibility
      # we accept if the source is local SMTP (i.e. not over TCP/IP).
      # We do this by testing for an empty sending host field.
      accept  hosts = :
      
      # Check sending hosts against DNS black lists.
      # Reject message if address listed in blacklist.
      deny message = rejected because $sender_host_address is blacklisted at $dnslist_domain\n $dnslist_text
      dnslists = relays.ordb.org : list.dsbl.org : blackholes.easynet.nl : spamsites.relays.osirusoft.com : sbl.spamhaus.org :   xbl.spamhaus.org : blackholes.mail-abuse.org
    
      # Accept bounces to lists even if callbacks or other checks would fail
      warn     message      = X-WhitelistedRCPT-nohdrfromcallback: Yes
               condition    = \
               ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                         {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
                    {yes}{no}}
    
      accept   condition    = \
               ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                         {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
                    {yes}{no}}
    
    
      # Accept bounces to lists even if callbacks or other checks would fail
      warn     message      = X-WhitelistedRCPT-nohdrfromcallback: Yes
               condition    = \
               ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                         {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
                    {yes}{no}}
    
      accept   condition    = \
               ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                         {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
                    {yes}{no}}
    
      #if it gets here it isn't mailman
                                                                                                                                               
      #sender verifications are required for all messages that are not sent to lists
                                                                                                                                               
      require verify = sender
      accept  domains = +local_domains
      endpass
                                                                                                                                               
      #recipient verifications are required for all messages that are not sent to the local machine
      #this was done at multiple users requests
                                                                                                                                               
      message = "The recipient cannot be verified.  Please check all recipients of this message to verify they are valid."
      verify = recipient
                                                                                                                                               
      accept  domains = +relay_domains
    
      warn  message = ${perl{popbeforesmtpwarn}{$sender_host_name}}
            hosts = +relay_hosts
      accept  hosts = +relay_hosts
                                                                                    
      warn  message = ${perl{popbeforesmtpwarn}{$sender_host_address}}
            condition = ${perl{checkrelayhost}{$sender_host_address}}
      accept  condition = ${perl{checkrelayhost}{$sender_host_address}}
    
      accept  hosts = +auth_relay_hosts
              endpass
              message = $sender_fullhost is currently not permitted to \
                            relay through this server. Perhaps you \
                            have not logged into the pop/imap server in the \
                            last 30 minutes or do not have SMTP Authentication turned on in your email client.
              authenticated = *
    
      deny    message = $sender_fullhost is currently not permitted to \
                            relay through this server. Perhaps you \
                            have not logged into the pop/imap server in the \
                            last 30 minutes or do not have SMTP Authentication turned on in your email client.
    
    
    #!!# ACL that is used after the DATA command
    check_message:
      require verify = header_sender
    
      accept
    
    # Allow mail to postmaster on blacklisted local domains
    # Mail to postmaster is never blocked by any subsequent tests.
    accept local_parts = postmaster
    domains = +local_domains
    
    # Requires the sender address to be verified.
    require verify = sender
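
The `dnslists` condition discussed in the posts above is a DNS lookup: the connecting address is reversed, the list's zone is appended, and an answer means the address is listed. The sketch below is an added example, not part of either post or of the cPanel configuration; it shows how to reproduce that lookup by hand when checking whether an IP is on one of the Spamhaus lists. The function names, the rule that only 127.0.0.0/8 answers count as a listing, and the resolver data in the demo are assumptions of this example.

```python
import ipaddress
import socket

# The two Spamhaus zones from the thread's dnslists line, in the same order.
ZONES = ["sbl.spamhaus.org", "xbl.spamhaus.org"]

def dnsbl_query_name(ip, zone):
    """Reverse the address (octets for IPv4, nibbles for IPv6) and append the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]
    return ".".join(labels) + "." + zone

def system_resolver(name):
    """Return the A record for name, or None when the name does not resolve."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def first_listing(ip, zones=ZONES, resolve=system_resolver):
    """Query zones left to right and stop at the first hit.

    Assumption of this example: only answers in 127.0.0.0/8 count as a listing.
    The dnslist_domain key mirrors the variable used in the deny message.
    """
    for zone in zones:
        name = dnsbl_query_name(ip, zone)
        answer = resolve(name)
        if answer and answer.startswith("127."):
            return {"dnslist_domain": zone, "query": name, "answer": answer}
    return None

if __name__ == "__main__":
    # Constructed resolver data so the demo runs offline; not real listings.
    fake_dns = {"10.2.0.192.xbl.spamhaus.org": "127.0.0.4"}
    for ip in ("192.0.2.10", "192.0.2.11", "2001:db8::1"):
        print(ip, "->", first_listing(ip, resolve=fake_dns.get))
```

Called without the `resolve` argument, `first_listing` uses the system resolver, so it reports what the mail server's own DNS would see for that address.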
     
  5. lehels

    exim blacklist?

    exim.conf:
    #
    # Trap Failures to Remote Domain
    #

    fail_remote_domains:
    driver = redirect
    domains = ! +local_domains
    allow_fail
    data = ":fail: The mail server could not deliver mail to $local_part@$domain. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries."


    the SMTP transaction test:

    >>> using ACL "check_recipient"
    >>> processing "accept"
    >>> check hosts = :
    >>> host in ":"? no (end of list)
    >>> accept: condition test failed
    >>> processing "warn"
    >>> check condition = ${if and {{match{$local_part}{(.*)-bounces\+.*}} {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} {yes}{no}}
    >>> = no
    >>> warn: condition test failed
    >>> processing "accept"
    >>> check condition = ${if and {{match{$local_part}{(.*)-bounces\+.*}} {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} {yes}{no}}
    >>> = no
    >>> accept: condition test failed
    >>> processing "warn"
    >>> check condition = ${if and {{match{$local_part}{(.*)-bounces\+.*}} {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} {yes}{no}}
    >>> = no
    >>> warn: condition test failed
    >>> processing "accept"
    >>> check condition = ${if and {{match{$local_part}{(.*)-bounces\+.*}} {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} {yes}{no}}
    >>> = no
    >>> accept: condition test failed
    >>> processing "require"
    >>> check verify = recipient
    >>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
    >>> routing psitest@psitest.ro
    >>> psitest.ro in "lsearch;/etc/localdomains"? no (end of list)
    >>> psitest.ro in "+local_domains"? no (end of list)
    >>> psitest.ro in "! +local_domains"? yes (end of list)
    >>> psitest.ro in "! +local_domains"? yes (end of list)
    >>> calling lookuphost router
    >>> lookuphost router declined for psitest@psitest.ro
    >>> psitest.ro in "! +local_domains"? yes (end of list)
    >>> calling literal router
    >>> literal router declined for psitest@psitest.ro
    >>> psitest.ro in "! +local_domains"? yes (end of list)
    >>> calling fail_remote_domains router
    >>> fail_remote_domains router forced address failure
    >>> ----------- end verify ------------
    >>> require: condition test failed

    550-The mail server could not deliver mail to psitest@psitest.ro. The account
    550-or domain may not exist, they may be blacklisted, or missing the proper dns
    550 entries.
    LOG: H=() [74.53.81.130] F=<test@beeline.ro> rejected RCPT psitest@psitest.ro: The mail server could not deliver mail to psitest@psitest.ro. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.

    ----

    beeline.ro is hosted on our server,
    psitest.ro is not hosted by us, so it shouldn't be [it isn't] in /etc/localdomains.

    The domain is not blacklisted, and has proper DNS entries.

    Why does the message still fail to leave? OK, the accept condition failed, but why is it failing?

    thank you,
    Lehel
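
A trace like the one in the post above is easier to read once the ACL statements that failed are separated from the router decisions made during `verify = recipient`. The sketch below is an added example, not part of the original post; it does that for an excerpt of the posted trace. The function names are hypothetical, and the excerpt leaves out the mailman `warn`/`accept` statements and the domain list checks.

```python
import re

# Excerpt of the debug trace from the post above (some lines omitted).
TRACE = """\
>>> using ACL "check_recipient"
>>> processing "accept"
>>> check hosts = :
>>> accept: condition test failed
>>> processing "require"
>>> check verify = recipient
>>> routing psitest@psitest.ro
>>> calling lookuphost router
>>> lookuphost router declined for psitest@psitest.ro
>>> calling literal router
>>> literal router declined for psitest@psitest.ro
>>> calling fail_remote_domains router
>>> fail_remote_domains router forced address failure
>>> require: condition test failed
"""

CHECK = re.compile(r"^>>> check (.+)$")
ROUTER = re.compile(r"^>>> (\S+) router (declined|forced address failure)")
FAILED = re.compile(r"^>>> (\w+): condition test failed")

def summarize(trace):
    """Return (failed ACL statements, router outcomes), both in trace order."""
    failed, routers, last_check = [], [], None
    for line in trace.splitlines():
        line = line.strip()
        if m := CHECK.match(line):
            last_check = m.group(1)          # condition being tested
        elif m := ROUTER.match(line):
            routers.append((m.group(1), m.group(2)))
        elif m := FAILED.match(line):
            failed.append((m.group(1), last_check))
    return failed, routers

def deciding_router(trace):
    """Return the router that forced the failure and the routers that declined."""
    _, routers = summarize(trace)
    declined = [name for name, outcome in routers if outcome == "declined"]
    forced = [name for name, outcome in routers if outcome != "declined"]
    return (forced[0] if forced else None), declined

if __name__ == "__main__":
    print(summarize(TRACE)[0])
    print(deciding_router(TRACE))
```

On this excerpt the summary shows that the `require` statement failed on `verify = recipient`, and that the 550 text came from the `fail_remote_domains` router after `lookuphost` and `literal` both declined the address.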
     